FD.io VPP  v21.06
Vector Packet Processing
ipsec_types.api
1 /* Hey Emacs use -*- mode: C -*- */
2 /*
3  * Copyright (c) 2015-2016 Cisco and/or its affiliates.
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at:
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 option version = "3.0.1";
18 
19 import "vnet/ip/ip_types.api";
20 import "vnet/tunnel/tunnel_types.api";
21 
22 /*
23  * @brief Supported cryptographic algorithms
24  */
26 {
39 };
40 
41 /*
42  * @brief Supported Integrity Algorithms
43  */
/* NOTE(review): body of the integrity-algorithm enum. The enumerator lines
 * (even-numbered listing lines 46-58) are absent from this page; only the
 * reference comments that precede them survive, so the numeric values and
 * names must be taken from the upstream file. */
45 {
47  /* RFC2403: HMAC-MD5-96 within ESP and AH. MD5-based and legacy; keep it
     * only for interoperability with peers that offer nothing stronger. */
49  /* RFC2404: HMAC-SHA-1-96 within ESP and AH. SHA-1-based and legacy;
     * prefer one of the RFC4868 entries below for new SAs. */
51  /* draft-ietf-ipsec-ciph-sha-256-00: pre-standard HMAC-SHA-256 with a
     * 96-bit truncated ICV. RFC4868 truncates HMAC-SHA-256 to 128 bits, so
     * the two forms should not be expected to interoperate. */
53  /* RFC4868: HMAC-SHA-256, HMAC-SHA-384 and HMAC-SHA-512 with IPsec. Which
     * of the three each of the following entries selects is not visible in
     * this listing. */
55  /* RFC4868 */
57  /* RFC4868 */
59 };
60 
/* Per-SA option flags (the type behind the `flags` field of the SAD entry
 * typedefs). The header line and every enumerator except the last are
 * absent from this page; the surviving comments describe what each flag did.
 *
 * Extended sequence numbers and anti-replay are both described as something
 * a flag *enables*, so an SA added with neither bit set presumably runs
 * without replay protection -- NOTE(review): confirm against the SA
 * implementation, and have callers set both explicitly instead of relying on
 * a zeroed flags word. */
62 {
64  /* Enable extended sequence numbers */
66  /* Enable Anti-replay */
68  /* IPsec tunnel mode if non-zero, else transport mode */
70  /* IPsec tunnel mode is IPv6 if non-zero, else IPv4;
71  * only valid if is_tunnel is non-zero */
73  /* enable UDP encapsulation for NAT traversal */
75  /* IPsec SA is for inbound traffic */
77  /* IPsec SA uses an Async driver */
78  IPSEC_API_SAD_FLAG_ASYNC = 0x80 [backwards_compatible],
79 };
80 
82 {
85 };
86 
/* Fixed-size container for raw keying material. It is the type of both
 * crypto_key and integrity_key in the SAD entry typedefs below, so every
 * message embedding it carries the key bytes themselves. Treat API traces,
 * message dumps and logs of such messages as secret.
 * NOTE(review): confirm how the API transport and any tracing are protected
 * in the deployment. */
87 typedef key
88 {
89  /* the length of the key: the number of valid bytes in data[]. The field
     * is a u8 and can therefore encode up to 255, while data[] holds only
     * 128 bytes; a receiver should reject length > 128 (and lengths that do
     * not match the selected algorithm) before reading or copying the key. */
90  u8 length;
91  /* The data for the key. The array is always 128 bytes on the wire;
     * bytes past `length` are padding and should not be interpreted. */
92  u8 data[128];
93 };
94 
95 /** \brief IPsec: Security Association Database entry
96  @param client_index - opaque cookie to identify the sender
97  @param context - sender context, to match reply w/ request
98  @param is_add - add SAD entry if non-zero, else delete
99  @param sad_id - sad id
100  @param spi - security parameter index
101  @param protocol - 0 = AH, 1 = ESP
102  @param crypto_algorithm - a supported crypto algorithm
103  @param crypto_key - crypto keying material
104  @param integrity_algorithm - one of the supported algorithms
105  @param integrity_key - integrity keying material
106  @param tunnel_src_address - IPsec tunnel source address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero
107  @param tunnel_dst_address - IPsec tunnel destination address IPv6 if is_tunnel_ipv6 is non-zero, else IPv4. Only valid if is_tunnel is non-zero
108  @param tx_table_id - the FIB id used for encapsulated packets
109  @param salt - for use with counter mode ciphers
110  @param udp_src_port - If using UDP Encapsulation, use this source port for
111  TX. It is ignored for RX.
112  @param udp_dst_port - If using UDP Encapsulation, use this destination port
113  for TX. Expect traffic on this port for RX.
114  @param tunnel_flags - Flags controlling the copying of encap/decap value
115  @param dscp - Fixed DSCP value for tunnel encap
116  */
/* First version of the Security Association Database entry.
 *
 * NOTE(review): the listing skips lines 121 and 135-136, so some fields that
 * the @param block above documents (spi, tx_table_id, salt) are not visible
 * here; take the full field list from the upstream file. The @param block
 * also names client_index, context and is_add, which are not fields of this
 * typedef, and it calls the tunnel endpoints tunnel_src_address and
 * tunnel_dst_address although the fields are tunnel_src and tunnel_dst. */
117 typedef ipsec_sad_entry
118 {
     /* identifier of this SAD entry */
119  u32 sad_id;
120 
122 
     /* AH or ESP selector. The @param text gives "0 = AH, 1 = ESP", but the
      * ipsec_proto enumerators are not shown in this listing; use the enum
      * names rather than hard-coded literals. */
123  vl_api_ipsec_proto_t protocol;
124 
     /* cipher and its raw key; see `typedef key` for the length check a
      * receiver needs */
125  vl_api_ipsec_crypto_alg_t crypto_algorithm;
126  vl_api_key_t crypto_key;
127 
     /* integrity algorithm and its raw key */
128  vl_api_ipsec_integ_alg_t integrity_algorithm;
129  vl_api_key_t integrity_key;
130 
     /* per-SA options: ESN, anti-replay, tunnel mode, UDP encapsulation,
      * inbound, async (per the comments on the flags enum) */
131  vl_api_ipsec_sad_flags_t flags;
132 
     /* tunnel endpoints; per the @param text only valid in tunnel mode */
133  vl_api_address_t tunnel_src;
134  vl_api_address_t tunnel_dst;
     /* UDP encapsulation ports, both defaulting to 4500. Per the @param
      * text the source port is used for TX and ignored for RX; the
      * destination port is used for TX and is the port traffic is expected
      * on for RX. */
137  u16 udp_src_port [default=4500];
138  u16 udp_dst_port [default=4500];
139 };
140 
/* Second version of the SAD entry. Compared with the visible fields of
 * ipsec_sad_entry it adds tunnel_flags and dscp after the tunnel endpoints.
 *
 * NOTE(review): the listing skips line 161, so one field between dscp and
 * salt is not visible here; take the full field list from the upstream
 * file. */
141 typedef ipsec_sad_entry_v2
142 {
     /* identifier of this SAD entry */
143  u32 sad_id;
144 
     /* security parameter index */
145  u32 spi;
146 
     /* AH or ESP selector; use the ipsec_proto enum names, not literals */
147  vl_api_ipsec_proto_t protocol;
148 
     /* cipher and its raw key; a receiver should bound-check key.length
      * against the 128-byte data array before use */
149  vl_api_ipsec_crypto_alg_t crypto_algorithm;
150  vl_api_key_t crypto_key;
151 
     /* integrity algorithm and its raw key */
152  vl_api_ipsec_integ_alg_t integrity_algorithm;
153  vl_api_key_t integrity_key;
154 
     /* per-SA options, including the ESN and anti-replay enable bits */
155  vl_api_ipsec_sad_flags_t flags;
156 
     /* tunnel endpoints; per the @param text only valid in tunnel mode */
157  vl_api_address_t tunnel_src;
158  vl_api_address_t tunnel_dst;
     /* flags controlling the copying of encap/decap values (per @param) */
159  vl_api_tunnel_encap_decap_flags_t tunnel_flags;
     /* fixed DSCP value for tunnel encapsulation (per @param) */
160  vl_api_ip_dscp_t dscp;
     /* salt for counter mode ciphers (per @param). It is sent alongside the
      * keys, so presumably it should be generated and protected like keying
      * material -- NOTE(review): confirm how the cipher code combines it
      * with the per-packet IV. */
162  u32 salt;
     /* UDP encapsulation ports, both defaulting to 4500; source port is
      * TX-only, destination port is used for TX and expected on RX */
163  u16 udp_src_port [default=4500];
164  u16 udp_dst_port [default=4500];
165 };
166 
/* Third version of the SAD entry. The separate tunnel_src, tunnel_dst,
 * tunnel_flags and dscp fields of ipsec_sad_entry_v2 are replaced by a
 * single vl_api_tunnel_t member; the remaining fields keep their names and
 * types. */
167 typedef ipsec_sad_entry_v3
168 {
     /* identifier of this SAD entry and its security parameter index */
169  u32 sad_id;
170  u32 spi;
171 
     /* AH or ESP selector; use the ipsec_proto enum names, not literals */
172  vl_api_ipsec_proto_t protocol;
173 
     /* cipher and its raw key; a receiver should bound-check key.length
      * against the 128-byte data array before use */
174  vl_api_ipsec_crypto_alg_t crypto_algorithm;
175  vl_api_key_t crypto_key;
176 
     /* integrity algorithm and its raw key */
177  vl_api_ipsec_integ_alg_t integrity_algorithm;
178  vl_api_key_t integrity_key;
179 
     /* per-SA options, including the ESN and anti-replay enable bits */
180  vl_api_ipsec_sad_flags_t flags;
181 
     /* tunnel description; the layout of vl_api_tunnel_t comes from the
      * imported vnet/tunnel/tunnel_types.api and is not shown here */
182  vl_api_tunnel_t tunnel;
183 
     /* salt for counter mode ciphers (per the @param text on
      * ipsec_sad_entry). It is sent alongside the keys, so presumably it
      * should be generated and protected like keying material. */
184  u32 salt;
     /* UDP encapsulation ports, both defaulting to 4500; source port is
      * TX-only, destination port is used for TX and expected on RX */
185  u16 udp_src_port [default=4500];
186  u16 udp_dst_port [default=4500];
187 };
188 
189 
190 /*
191  * Local Variables:
192  * eval: (c-set-style "gnu")
193  * End:
194  */